July 4, 2022

FBI Director Compares Ransomware Challenge to 9/11

FBI Director

Christopher Wray

said the agency was investigating about 100 different types of ransomware, many of which trace back to hackers in Russia, and compared the current spate of cyberattacks with the challenge posed by the Sept. 11, 2001, terrorist attacks.

“There are a lot of parallels, there’s a lot of importance, and a lot of focus by us on disruption and prevention,” Mr. Wray said in an interview Thursday. “There’s a shared responsibility, not just across government agencies but across the private sector and even the average American.”

Mr. Wray’s comments—among his first publicly since two recent ransomware attacks gripped the U.S. meat and oil-and-gas industries—come as senior Biden administration officials have characterized ransomware as an urgent national-security threat and said they are looking at ways to disrupt the criminal ecosystem that supports the booming industry. Each of the 100 different malicious software variants are responsible for multiple ransomware attacks in the U.S., Mr. Wray said.

SHARE YOUR THOUGHTS

What are your greatest concerns about cyber issues? Join the conversation below.

Ransomware is a type of malicious computer code that locks up a victim network’s files that hackers use to demand payment for their release, typically with digital currency such as bitcoin.

This week, hackers held hostage the world’s largest meat processor, just weeks after the operator of an essential pipeline bringing gasoline to parts of the East Coast paid about $4.4 million to regain control of its operations and restore service.

Senior officials at the Federal Bureau of Investigation for years have likened the need to confront rising cyber threats to the post-9/11 scramble against international terrorism. But Mr. Wray said the wave of recent ransomware attacks had spotlighted the toll cyberattacks can have on all Americans.

“Now realizing it can affect them when they’re buying gas at the pump or buying a hamburger—I think there’s a growing awareness now of just how much we’re all in this fight together,” Mr. Wray said.

While the most prominent of the recent ransomware hacks disrupted gasoline deliveries and took meat-processing plants temporarily offline, they represent only a fraction of the some 100 types of ransomware the FBI is investigating, Mr. Wray said. “Those are just two,” he said, adding that each of those 100 different malicious software variants had affected between a dozen and 100 targets.

“The scale of this problem is one that I think the country has to come to terms with,” he said.

A cyberattack on the U.S.’s largest fuel pipeline on May 7 forced a shutdown that triggered a spike in gas prices and shortages in parts of the Southeast. WSJ explains just how vulnerable the nation’s critical energy infrastructure is to attack. Photo illustration: Liz Ornitz/WSJ

Complaints to the FBI and reports from the private sector show ransomware incidents have tripled in the past year, Mr. Wray said. While private-sector estimates of the toll to the U.S. economy vary, companies that track ransomware generally put the cost at hundreds of millions or billions of dollars annually and say it is rapidly increasing.

U.S. authorities have attributed this week’s attack on

JBS SA,

the world’s biggest meat company by sales, to a criminal ransomware gang in Russia, and the White House has said President Biden planned to bring up the problem during a summit with Russian President

Vladimir Putin

in Geneva planned for June 16. Mr. Biden said he would look closely at whether to retaliate against Russia for the attacks.

In the interview, Mr. Wray singled out Russia as harboring many of the known users of ransomware, providing a haven that security experts and U.S. officials have said has allowed criminal ransomware gangs to flourish throughout Eastern Europe.

“Time and time again, a huge portion of those traced back to actors in Russia. And so, if the Russian government wants to show that it’s serious about this issue, there’s a lot of room for them to demonstrate some real progress that we’re not seeing right now,” Mr. Wray said.

Mr. Wray, who has led the bureau since 2017, has about six years remaining in his 10-year term, and Mr. Biden has said he planned to keep Mr. Wray in the post. He has kept a low profile during his tenure, as the FBI faced criticism from former President

Donald Trump,

who publicly and privately contemplated firing Mr. Wray. In his few public appearances during the pandemic, Mr. Wray has pushed the private sector and international community to collaborate more with the FBI to battle hackers, including those from criminal gangs and foreign intelligence services seeking information from U.S. companies or institutions.

While the FBI has a policy of discouraging targets of such cyberattacks from paying the ransom, Mr. Wray said the agency was more interested in having companies cooperate with the bureau in their investigations into the attacks, to help piece together the puzzle of who was behind the attacks and figure out ways to thwart them.

On Thursday, Deputy Attorney General Lisa Monaco issued a memorandum to U.S. attorney’s offices around the country urging all ransomware investigations to be coordinated with a task force created in April.

Mr. Wray said coordination can pay off for ransomware victims and law enforcement alike. “I don’t want to suggest that this is the norm, but there have been instances where we’ve even been able to work with our partners to identify the encryption keys, which then would enable a company to actually unlock their data—even without paying the ransom,” he said.

Cybersecurity experts who have tracked the proliferation of ransomware attacks for years said they were encouraged by signals from Mr. Wray and others in the Biden administration that the issue had been elevated to a top national-security priority, but said the problem remained vexing.

“We will have to be creative and aggressive if we want to turn back the tide of this problem,” said John Hultquist, vice president of analysis at the cybersecurity firm Mandiant. Security researchers have cited huge profit margins, ease of payments through digital currency and lack of criminal consequences as difficult-to-solve factors contributing to the rise of ransomware.

Other senior administration officials this week echoed Mr. Wray’s call for coordination, saying the government can only do so much to combat ransomware gangs when the targets largely are private companies, most of which operate with little to no federal regulatory oversight of their cybersecurity standards.

Some Republicans have pressed the Biden administration to be more forceful in its response to ransomware and explain more clearly what penalties exist for hackers who target critical infrastructure.

“The danger from cyberattack is real, and we need more urgent cooperation between our public and private sectors, and more severe consequences for global cyber attackers,”

Sen. Ben Sasse

(R., Neb.) said after the JBS hack was disclosed this week.

Anne Neuberger,

the White House deputy national security adviser for cyber and emerging technology, sent a memo to corporate executives and business leaders this week urging companies to “immediately convene their leadership teams to discuss the ransomware threat and review corporate security posture and business continuity plans to ensure you have the ability to continue or quickly restore operations.”

In the memo, a copy of which was reviewed by The Wall Street Journal, Ms. Neuberger said the Biden administration was working with other countries to hold ransomware gangs accountable.

“But we cannot fight the threat posed by ransomware alone,” Ms. Neuberger said. “The private sector has a distinct and key responsibility. The federal government stands ready to help you implement these best practices.”

Companies at Risk of Cyberattacks

Write to Aruna Viswanatha at [email protected] and Dustin Volz at [email protected]

Copyright ©2020 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8

in Tech
Related Posts

Warren Buffett Says He’s Quitting Gates Foundation

June 23, 2021

June 23, 2021

May 2, 2015 – Omaha, Nebraska, U.S. – WARREN BUFFETT and BILL GATES discuss newspaper tossing skills at the 50th...

Amazon’s Prime Day Is Earlier Than Usual This Year. Here’s When It Is and What to Expect.

June 21, 2021

June 21, 2021

This year’s Prime Day, running on Monday and Tuesday and a month earlier than it typically does, creates a likely...

U.S. Mandates Body Cameras for Federal Law-Enforcement Officers

June 8, 2021

June 8, 2021

WASHINGTON—The Justice Department will require federal agents to wear body cameras when executing arrest warrants or searching buildings, Deputy Attorney...

Didi Stock Rises on First Day, Notching Market Value Near $80 Billion

June 30, 2021

June 30, 2021

Didi Global Inc.’s stock jumped on the first day of trading after its IPO, as investors gobbled up shares of...

Microsoft’s Bing Temporarily Blocked Searches of Tiananmen Square ‘Tank Man’ Image

June 4, 2021

June 4, 2021

Searches for the image known as ‘Tank Man’ were temporarily blocked on Microsoft’s Bing search engine on Friday, the anniversary...

Google Nears Settlement of Ad-Tech Antitrust Case in France

May 27, 2021

May 27, 2021

Alphabet Inc.’s GOOG -1.27% Google is nearing a settlement of an antitrust case in France alleging the company has abused...

Google Faces EU Antitrust Probe of Alleged Ad-Tech Abuses

June 22, 2021

June 22, 2021

The European Union opened a formal antitrust investigation into allegations that Google abuses its leading role in the advertising-technology sector,...

Google Proposes U.K. Oversight Role in Retirement of Web Cookies

June 11, 2021

June 11, 2021

Google pledged to collaborate with U.K. regulators on the removal of a user-tracking technology from its Chrome browser, one of...

Tesla Shareholder Panasonic Sells Stake for $3.6 Billion

June 25, 2021

June 25, 2021

TOKYO— Tesla Inc.’s TSLA 1.09% leading battery supplier is no longer a Tesla shareholder. Panasonic Corp. PCRFY 2.20% said Friday...

Amazon to Buy MGM for $6.5 Billion Excluding Debt

May 26, 2021

May 26, 2021

Amazon.com Inc. AMZN 0.67% said it has agreed to acquire Hollywood studio MGM Holdings, a deal the e-commerce giant is...

Puerto Rico’s Power Distributor Suffered a Cyberattack Hours Before a Devastating Fire

June 11, 2021

June 11, 2021

Puerto Rico’s main power provider suffered a cyberattack shortly before a fire at a substation in San Juan Thursday caused...

What a Tech Breakup Could Mean for You

July 3, 2021

July 3, 2021

As momentum builds to curtail the power of Big Tech, lawmakers, Beltway pundits and the companies themselves are all competing...

China Evergrande Scrapes Together More Cash From Tech Company Stake Sale

November 9, 2021

November 9, 2021

SINGAPORE— China Evergrande Group raised around $145 million in recent days by selling a chunk of its shares in a...

Bitcoin Price Slips on Elon Musk’s Breakup Meme Tweet

June 4, 2021

June 4, 2021

Bitcoin, dogecoin and other cryptocurrencies skidded Friday, extending their monthlong rout, following another cryptic tweet from Elon Musk. Bitcoin was...

Short-Staffed Restaurants Prop Up Table Service With Technology

June 30, 2021

June 30, 2021

Casual-dining chains are leaning on technology to make the sit-down restaurant experience more automated for guests and more streamlined for...